CVE-2023-53958
Unknown Unknown - Not Provided
HTTP Host Header Injection in LDAP Tool Box Password Reset Enables Account Takeover

Publication date: 2025-12-19

Last updated on: 2025-12-19

Assigner: VulnCheck

Description
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account takeover by intercepting and using stolen reset tokens.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-19
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-12-19
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53958
EUVD
EUVD-2025-204597
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ldap_tool_box self_service_password 1.5.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-640 The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-53958 is a vulnerability in LDAP Tool Box Self Service Password version 1.5.2 that allows attackers to manipulate the HTTP Host header during the password reset token generation process. By crafting malicious password reset requests with a manipulated Host header, attackers can cause the system to generate password reset tokens that are sent to a server controlled by the attacker. This enables the attacker to intercept and misuse the reset tokens, potentially leading to account takeover without needing prior authentication. [1, 2]

Impact Analysis

This vulnerability can lead to a full account takeover. An attacker can intercept password reset tokens by manipulating the HTTP Host header and sending password reset emails with malicious links pointing to their own server. If a victim clicks the link, the attacker obtains the valid reset token and can reset the victim's password, gaining unauthorized access to the victim's account. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring for unusual or suspicious HTTP Host headers in password reset requests sent to the LDAP Tool Box Self Service Password application, especially requests to the endpoint /?action=sendtoken. You can look for HTTP POST requests with manipulated Host headers that differ from your legitimate domain. For example, using tools like tcpdump or Wireshark to capture HTTP traffic and grep or filter for POST requests to /?action=sendtoken with unexpected Host headers. A sample command to capture such traffic might be: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -i 'POST /?action=sendtoken' or using curl to test by sending crafted requests with altered Host headers to see if the system accepts them. Additionally, reviewing web server logs for password reset requests with Host headers that do not match your expected domain can help detect exploitation attempts. [2]

Mitigation Strategies

Immediate mitigation steps include updating the LDAP Tool Box Self Service Password application to a version later than 1.5.2 where this vulnerability is fixed. If an update is not immediately possible, implement strict validation of the HTTP Host header on the server side to ensure it matches expected domain names before generating password reset tokens or links. Additionally, consider disabling or restricting the password reset functionality temporarily to prevent exploitation. Monitoring logs for suspicious password reset requests and alerting on anomalies can also help mitigate risk until a patch is applied. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53958. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart